Information security culture – state-of-the-art review between 2000 and 2013. (13th July 2015)
- Record Type:
- Journal Article
- Title:
- Information security culture – state-of-the-art review between 2000 and 2013. (13th July 2015)
- Main Title:
- Information security culture – state-of-the-art review between 2000 and 2013
- Authors:
- Karlsson, Fredrik
Åström, Joachim
Karlsson, Martin - Abstract:
- Abstract : Purpose: – The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about. Design/methodology/approach: – Results are based on a literature review of information security culture research published between 2000 and 2013 (December). Findings: – This paper can conclude that existing research has focused on a broad set of research topics, but with limited depth. It is striking that the effects of different information security cultures have not been part of that focus. Moreover, existing research has used a small repertoire of research methods, a repertoire that is more limited than in information systems research in general. Furthermore, an extensive part of the research is descriptive, philosophical or theoretical – lacking a structured use of empirical data – which means that it is quite immature. Research limitations/implications: – Findings call for future research that: addresses the effects of different information security cultures; addresses the identified research topics with greater depth; focuses more on generating theories or testing theories to increase the maturity of this subfield of information security research; and uses a broader set of research methods. It would be particularly interesting to see future studies that use intervening or ethnographic approaches because, to date, these have been completely lackingAbstract : Purpose: – The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about. Design/methodology/approach: – Results are based on a literature review of information security culture research published between 2000 and 2013 (December). Findings: – This paper can conclude that existing research has focused on a broad set of research topics, but with limited depth. It is striking that the effects of different information security cultures have not been part of that focus. Moreover, existing research has used a small repertoire of research methods, a repertoire that is more limited than in information systems research in general. Furthermore, an extensive part of the research is descriptive, philosophical or theoretical – lacking a structured use of empirical data – which means that it is quite immature. Research limitations/implications: – Findings call for future research that: addresses the effects of different information security cultures; addresses the identified research topics with greater depth; focuses more on generating theories or testing theories to increase the maturity of this subfield of information security research; and uses a broader set of research methods. It would be particularly interesting to see future studies that use intervening or ethnographic approaches because, to date, these have been completely lacking in existing research. Practical implications: – Findings show that existing research is, to a large extent, descriptive, philosophical or theoretical. Hence, it is difficult for practitioners to adopt these research results, such as frameworks for cultivating or assessment tools, which have not been empirically validated. Originality/value: – Few state-of-the-art reviews have sought to assess the maturity of existing research on information security culture. Findings on types of research methods used in information security culture research extend beyond the existing knowledge base, which allows for a critical discussion about existing research in this sub-discipline of information security. … (more)
- Is Part Of:
- Information and computer security. Volume 23:Number 3(2015)
- Journal:
- Information and computer security
- Issue:
- Volume 23:Number 3(2015)
- Issue Display:
- Volume 23, Issue 3 (2015)
- Year:
- 2015
- Volume:
- 23
- Issue:
- 3
- Issue Sort Value:
- 2015-0023-0003-0000
- Page Start:
- 246
- Page End:
- 285
- Publication Date:
- 2015-07-13
- Subjects:
- Information security -- Literature review -- Organizational culture -- Information security climate -- Information security culture -- State-of-the-art review
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-05-2014-0033 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 8113.xml